AWS Services in Scope by Compliance Program

— Information Security Registered Assessors Program (IRAP)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

Amazon API Gateway apigateway
Amazon AppFlow  appflow 
Amazon AppStream 2.0 appstream
Amazon Athena athena
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]  sagemaker 
Amazon Aurora rds
Amazon Chime chime
Amazon Cloud Directory clouddirectory
Amazon CloudFront cloudfront
Amazon CloudWatch cloudwatch, sdkmetrics, eventbridge
Amazon CloudWatch Events events
Amazon CloudWatch Logs logs
Amazon Cognito cognito-idp, cognito-identity, cognito-sync
Amazon Comprehend comprehend
Amazon Comprehend Medical comprehendmedical
Amazon Connect [excludes Wisdom, VoiceID, and High Volume Outbound Communications] connect
Amazon Detective detective
Amazon DevOps Guru   
Amazon DynamoDB dynamodb
Amazon DocumentDB (with MongoDB compatibility)   
Amazon EC2 Auto Scaling autoscaling
Amazon Elastic Block Store (EBS) ec2
Amazon Elastic Compute Cloud (EC2) ec2
Amazon Elastic Container Registry (ECR) ecr
Amazon Elastic Container Service (ECS) ecs
Amazon Elastic File System (EFS) elasticfilesystem
Amazon Elastic Kubernetes Service (EKS) eks
Amazon Elastic MapReduce (EMR) elasticmapreduce
Amazon Elasticache elasticache
Amazon Forecast  amazonforecast 
Amazon Fraud Detector frauddetector 
Amazon FreeRTOS  freertos 
Amazon FSx fsx
Amazon GuardDuty guardduty
Amazon Inspector inspector
Amazon Kendra kendra
Amazon Keyspaces (for Apache Cassandra) keyspaces
Amazon Kinesis Data Analytics  kinesisanalytics 
Amazon Kinesis Data Firehose firehose
Amazon Kinesis Data Streams kinesis
Amazon Lex runtime.lex, models.lex
Amazon Location Service   
Amazon Macie macie
Amazon Managed Service for Prometheus   
Amazon Managed Streaming for Apache Kafka (MSK)  kafka 
Amazon MQ mq
Amazon Neptune  neptune-db 
Amazon OpenSearch Service es 
Amazon Personalize  personalize 
Amazon Pinpoint pinpoint
Amazon Polly polly
Amazon Quantum Ledger Database (QLDB)  qldb 
Amazon QuickSight quicksight
Amazon Redshift redshift
Amazon Rekognition rekognition
Amazon Relational Database Service (RDS) rds
Amazon Route 53 route53
Amazon S3 Glacier glacier
Amazon SageMaker [excludes Studio Lab; Public Workforce and Vendor Workforce for all features]
Amazon Simple Email Service (SES) ses
Amazon Simple Notification Service (SNS) sns
Amazon Simple Queue Service (SQS) sqs
Amazon Simple Storage Service (S3) s3
Amazon Simple Workflow Service swf
Amazon Textract textract
Amazon Transcribe transcribe
Amazon Translate translate
Amazon Virtual Private Cloud ec2
Amazon WorkDocs workdocs
Amazon WorkSpaces workspaces
AWS Amplify  amplify 
AWS AppSync appsync
AWS App Mesh appmesh
AWS Audit Manager  auditmanager 
AWS Backup backup
AWS Batch batch
AWS Certificate Manager acm
AWS Chatbot  chatbot 
AWS Cloud9 cloud9 
AWS CloudFormation cloudformation
AWS CloudHSM cloudhsm
AWS CloudShell   
AWS CloudTrail cloudtrail
AWS Cloud Map servicediscovery
AWS CodeBuild codebuild
AWS CodeCommit codecommit
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline
AWS Config config
AWS Control Tower controltower
AWS Database Migration Service (DMS) dms
AWS DataSync datasync
AWS Data Exchange  dataexchange 
AWS Direct Connect directconnect
AWS Directory Service ds
AWS Elastic Beanstalk elasticbeanstalk
AWS Elemental MediaConvert mediaconvert
AWS Firewall Manager fms
AWS Glue glue, lakeformation
AWS Glue DataBrew  databrew 
AWS Ground Station groundstation
AWS Identity and Access Management (IAM) iam
AWS IAM Identity Center (successor to AWS Single Sign-On)   
AWS IoT Core iot
AWS IoT Device Management iot
AWS IoT Greengrass greengrass
AWS IoT SiteWise  iotsitewise 
AWS Key Management Service (KMS) kms
AWS Lambda lambda
AWS License Manager license-manager
AWS Mainframe Modernisation (M2)   
AWS Managed Services   
AWS Network Firewall  network-firewall  
AWS OpsWorks for Chef Automate opsworks-cm
AWS OpsWorks for Puppet Enterprise opsworks-cm
AWS Organizations organizations
AWS Outposts outposts
AWS Personal Health Dashboard health
AWS Resource Access Manager   
AWS Resource Groups resource-groups
AWS RoboMaker  robomaker 
AWS Secrets Manager secretsmanager
AWS Security Hub securityhub
AWS Server Migration Service (SMS) sms
AWS Serverless Application Repository serverlessrepo
AWS Service Catalog servicecatalog
AWS Shield shield, DDoSProtection
AWS Snowball Edge  snowballedge 
AWS Step Functions states
AWS Storage Gateway storagegateway
AWS Systems Manager (SSM) ssm
AWS Transfer Family transfer
AWS Trusted Advisor trustedadvisor
AWS Web Application Firewall (WAF) wafv2
AWS Well-Architected Tool   
AWS X-Ray xray
EC2 Image Builder   
Elastic Load Balancing (ELB) elasticloadbalancing
VM Import/Export  

*Namespaces help you identify services across your AWS environment. For example, when you create IAM policies, work with Amazon Resource Names (ARNs), and read AWS CloudTrail logs. Learn more about namespaces on the documentation page. 

Want More Information About Services in Scope?